Filebeat port configuration

Hi! Im new to elastic search, I wish to send log files from filebeat to logstash. Filebeat log shows connection refused error as follows:

2017-12-07T02:43:07+05:30 ERR Failed to connect: dial tcp connectex: No connection could be made because the target machine actively refused it.

The input block of logstash conf file looks like this:

input {
	 beats {
    port => 5044
    ssl => true
	codec => multiline {
	pattern => "^(%{TIMESTAMP_ISO8601})"
      	negate => true
      	what => "previous"

I doubt that my filebeat is running on 5044. Im not able to figure out the port its running at. Seems like it not the default 5044 port. How do I configure the port for filebeat.exe.

Please show your filebeat config.

Also you should consider doing the multiline grouping in filebeat :slight_smile:

Yes, have already set the multiline grouping in filebeat: Config file looks like this.

#=========================== Filebeat prospectors =============================


- input_type: log
    - C:\Users\shreya\Data\mylog.log 
  document_type: springlog

  ### Multiline options

  # Mutiline can be used for log messages spanning multiple lines. This is common
  # for Java Stack Traces or C-Line Continuation

  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'

  # Defines if the pattern set under pattern should be negated or not. Default is false.
  multiline.negate: true

  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
  multiline.match: before

#----------------------------- Logstash output --------------------------------
  # The Logstash hosts
  hosts: ["localhost:9600"]

#================================ Logging =====================================

logging.level: debug

Hi @warkolm, my filebeat config file looks as above

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.